CN108449346A - A kind of key generation client - Google Patents
A kind of key generation client Download PDFInfo
- Publication number
- CN108449346A CN108449346A CN201810241948.4A CN201810241948A CN108449346A CN 108449346 A CN108449346 A CN 108449346A CN 201810241948 A CN201810241948 A CN 201810241948A CN 108449346 A CN108449346 A CN 108449346A
- Authority
- CN
- China
- Prior art keywords
- key
- module
- request
- server
- connection request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of keys to generate client, including connection request module, responder module, key request module and cipher key calculation module, wherein:The connection request module, which is used to generate client to another key, sends connection request;The responder module is due to after receiving connection request, sending response message;The key request module is used for server requests key;The message computation key that the cipher key calculation module is used to be returned according to server.
Description
【Technical field】
Field is generated the invention belongs to key more particularly to a kind of key generates client.
【Background technology】
Key is a kind of parameter, it is to be converted to ciphertext in plain text or converting ciphertext into the ginseng inputted in the algorithm of plaintext
Number.Key is divided into symmetric key and unsymmetrical key.In modern computer, in order to ensure safety, key pair is usually used
The information of user is encrypted, this just needs to generate key.It is how safe, credible, be quickly generated key, be modern computer
In an important topic.
【Invention content】
In order to solve the above problem in the prior art, the present invention provides a kind of keys to generate client.
The technical solution adopted by the present invention is specific as follows:
A kind of key generation client, including connection request module, responder module, key request module and cipher key calculation mould
Block, wherein:
The connection request module, which is used to generate client to another key, sends connection request;
The responder module is due to after receiving connection request, sending response message;
The key request module is used for server requests key;
The message computation key that the cipher key calculation module is used to be returned according to server.
Further, it further includes communication module that the key, which generates client, for server and other clients into
Row communication.
Further, the connection request includes random connection code and request code.
Further, the response message is for informing that other side has received connection request.
Further, the key generates client and is registered in advance in server.
Beneficial effects of the present invention are:In the case where not reducing safety, compared with the prior art, method of the invention is more
Add simple and reliable, reduce the complexity of realization, low, the equipment that can be applied to different computing capabilitys is required to computing capability.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and is constituted part of this application, but
It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the tripartite involved by key generation process of the present invention;
Fig. 2 is the building-block of logic that key of the present invention generates client.
【Specific implementation mode】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and says
It is bright to be only used for explaining the present invention but not as a limitation of the invention.
The key of the present invention generates client when using, and is segmented into two sides in logic:Key request side and key connect
Debit.Under the assistance of server, key is generated between key request side and key generation side.
The key request side and recipient are the both sides for needing that communication is encrypted on network.The key request side is
A side of the coded communication is initiated, and initiates the generating process of key by the key request side.The key reception method
It is the key generation process for receiving a side of coded communication, and the key request side being coordinated to initiate.The key generates client
End includes connection request module, responder module, key request module and cipher key calculation module.In addition, the key generates client
End further includes communication module, for being communicated with server and other clients.
The server is a neutral trusted third party, is used to be that each side for generating key is needed to carry out in advance
Registration, and a secret information generated at random is provided respectively for each side.For example, A is registered to the server, server
After being authenticated to the identity of A, a secret information Secret is generated at random, it is preferred that in order to ensure enough safety,
Secret is no less than 1024 binary numbers.The secret information is supplied to A, is preserved respectively by A and server.
Based on above-mentioned trigonal crystal structure, the process for generating key to the present invention below is described in detail:
(1) key request side initiates the connection request by connection request module to key reception side, takes in a connection request
With a connection code LA and request code ID;The connection code LA and request code ID is one generated at random by request module
Number.
For security consideration, the digit of the connection code should long enough, it is preferred that connection code secret should be believed with above-mentioned
It is the same to cease Secret, no less than 1024.
(2) key reception side is generated a connection code LB by responder module, then replied at random after receiving connection request
Module sends a response message to key request side.
As connection code LA, the digit of connection code LB should also be as long enough, under preferable case, the digit phase of LB and LA
Together.But LB is not included in response message, which only informs that key request side, key reception side have received
Request, and be ready to generate key.
(3) after receiving response message, the key request module of key request side sends one to server for key request side
A secret key request message KeyRequestA, the KeyRequestA include connecting code LA, request code ID and Hash result HA,
Wherein HA=Hash (SecretA ⊕ LA) }.
Key reception side sends another secret key request message to server simultaneously also by the key request module of itself
KeyRequestB, the KeyRequestB include request code ID, LC and Hash result HB.
Wherein LC=LA ⊕ LB, HB=Hash (SecretB ⊕ LA ⊕ LB).
Wherein, SecretA is the secret information that key request side is obtained in server registration, and SecretB is that key connects
The secret information that debit obtains in server registration.Hash is a hash function, can be used any one in this field
Hash algorithm well known to kind.
All include the number that its own is generated at random in the Hash calculation of key request side and key reception side, in this way may be used
To avoid specified Hash result is obtained by go-between, safety ensure that.
(4) server is primarily based on request code ID and determines that the two are close after receiving above-mentioned two secret key request message
Key request message is to come from a pair of secret keys requesting party and recipient;Then respectively to the Hash result in two secret key request messages
It is verified, if there are one verifications not to pass through, server ignores the two secret key request messages, and method terminates;If tested
Card all passes through, then continues subsequent step.
Specifically verification process is:
For KeyRequestA, server voluntarily calculates Hash (SecretA ⊕ LA) (since server saves in advance
SerectA, so server can calculate the Hash), judge whether result of calculation is equal with HA, if unequal, verifies
Do not pass through, is otherwise verified.
For KeyRequestB, server voluntarily calculates Hash (SecretB ⊕ LA ⊕ LB), judges result of calculation and HB
It is whether equal, if unequal, verify and do not pass through, is otherwise verified.
(5) server generates a key Key at random, calculates separately KA and KB, i.e.,:
KA=Key ⊕ SecretA, KB=Key ⊕ SecretB
Then KA is sent to key request side by server, and KB is sent to key reception side.
(6) after key request side receives KA, Key, i.e. Key=KA ⊕ SecretA are calculated by its cipher key calculation module;
After key reception side receives KB, Key=KB ⊕ SecretB are calculated also by its cipher key calculation module.
So far, key request side and key reception side all respectively obtain common key Key, close so as to be based on this
The operations such as communication are encrypted in key.
From above procedure as can be seen that an entire key generation process pertains only to exclusive or calculating, calculating process is simple, therefore
It is very low to the computing capability requirement of key request side and key reception side, therefore even if this two side is that computer capacity is lower
Equipment can also complete key generation process.Also, key generation process each time all relies on the connection of both sides' generation
Code, and believable server is needed to verify between two parties, after server has separately verified the identity of both sides, key is generated, therefore whole
A process has enough safeties, and the both sides' identity for generating key can be traced in the later stage.
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range,
The equivalent change or modification that feature and principle are done, is included within the scope of present patent application.
Claims (5)
1. a kind of key generates client, which is characterized in that including connection request module, responder module, key request module and
Cipher key calculation module, wherein:
The connection request module, which is used to generate client to another key, sends connection request;
The responder module is due to after receiving connection request, sending response message;
The key request module is used for server requests key;
The message computation key that the cipher key calculation module is used to be returned according to server.
2. key according to claim 1 generates client, which is characterized in that further include communication module, be used for and service
Device and other clients are communicated.
3. the key according to claim 1-2 any one generates client, which is characterized in that wrapped in the connection request
Include random connection code and request code.
4. the key according to claim 1-3 any one generates client, which is characterized in that the response message is used for
Inform that other side has received connection request.
5. key generates client according to any one of claims 1-4, which is characterized in that the key generates client
It is registered in advance in server at end.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241948.4A CN108449346B (en) | 2018-03-22 | 2018-03-22 | Key generation client |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241948.4A CN108449346B (en) | 2018-03-22 | 2018-03-22 | Key generation client |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108449346A true CN108449346A (en) | 2018-08-24 |
CN108449346B CN108449346B (en) | 2021-07-27 |
Family
ID=63196295
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810241948.4A Active CN108449346B (en) | 2018-03-22 | 2018-03-22 | Key generation client |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108449346B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090138714A1 (en) * | 2007-11-26 | 2009-05-28 | Kabushiki Kaisha Toshiba | Communication apparatus, key server, management server, communication server, content distribution system, communication method, and recording medium |
CN101715638A (en) * | 2007-03-20 | 2010-05-26 | 迪姆威奇软件有限责任公司 | Secure electronic messaging system requiring key retrieval for deriving decryption key |
CN103166958A (en) * | 2013-02-26 | 2013-06-19 | 深圳创维数字技术股份有限公司 | Protection method and protection system of file |
CN103763356A (en) * | 2014-01-08 | 2014-04-30 | 深圳大学 | Establishment method, device and system for connection of secure sockets layers |
CN103974241A (en) * | 2013-02-05 | 2014-08-06 | 东南大学常州研究院 | Voice end-to-end encryption method aiming at mobile terminal with Android system |
CN104081711A (en) * | 2011-12-16 | 2014-10-01 | 阿卡麦科技公司 | Terminating SSL connections without locally-accessible private keys |
US20160254910A1 (en) * | 2016-05-07 | 2016-09-01 | Keir Finlow-Bates | Revocation of cryptographic keys in the absence of a trusted central authority |
WO2016155826A1 (en) * | 2015-04-01 | 2016-10-06 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for load balancing |
CN106535184A (en) * | 2016-10-18 | 2017-03-22 | 深圳市金立通信设备有限公司 | Key management method and system |
-
2018
- 2018-03-22 CN CN201810241948.4A patent/CN108449346B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101715638A (en) * | 2007-03-20 | 2010-05-26 | 迪姆威奇软件有限责任公司 | Secure electronic messaging system requiring key retrieval for deriving decryption key |
US20090138714A1 (en) * | 2007-11-26 | 2009-05-28 | Kabushiki Kaisha Toshiba | Communication apparatus, key server, management server, communication server, content distribution system, communication method, and recording medium |
CN104081711A (en) * | 2011-12-16 | 2014-10-01 | 阿卡麦科技公司 | Terminating SSL connections without locally-accessible private keys |
CN103974241A (en) * | 2013-02-05 | 2014-08-06 | 东南大学常州研究院 | Voice end-to-end encryption method aiming at mobile terminal with Android system |
CN103166958A (en) * | 2013-02-26 | 2013-06-19 | 深圳创维数字技术股份有限公司 | Protection method and protection system of file |
CN103763356A (en) * | 2014-01-08 | 2014-04-30 | 深圳大学 | Establishment method, device and system for connection of secure sockets layers |
WO2016155826A1 (en) * | 2015-04-01 | 2016-10-06 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for load balancing |
US20160254910A1 (en) * | 2016-05-07 | 2016-09-01 | Keir Finlow-Bates | Revocation of cryptographic keys in the absence of a trusted central authority |
CN106535184A (en) * | 2016-10-18 | 2017-03-22 | 深圳市金立通信设备有限公司 | Key management method and system |
Non-Patent Citations (2)
Title |
---|
VIRENDRA KUMAR,JONATHAN PETIT,WILLIAM WHYTE: "Binary hash tree based certificate access management for connected vehicles", 《PROCEEDINGS OF THE 10TH ACM CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORK》 * |
贾宁: "密钥哈希消息认证码椭圆曲线数字签名", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Also Published As
Publication number | Publication date |
---|---|
CN108449346B (en) | 2021-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111682938B (en) | Three-party authenticatable key agreement method facing centralized mobile positioning system | |
CN101902476B (en) | Method for authenticating identity of mobile peer-to-peer user | |
CN110234111B (en) | Two-factor authentication key agreement protocol suitable for multi-gateway wireless sensor network | |
CN113612605B (en) | Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology | |
CN102868531B (en) | Networked transaction certification system and method | |
CN101442411A (en) | Identification authentication method between peer-to-peer user nodes in P2P network | |
TW431108B (en) | Method for establishing a key using over-the-air communication and password protocol and password protocol | |
CN108848074B (en) | Information service entity cross-domain authentication method based on domain agent trust value | |
CN110048849A (en) | A kind of session cipher negotiating method of multilayer protection | |
CN104753937A (en) | SIP (System In Package)-based security certificate registering method | |
CN110278088A (en) | A kind of SM2 collaboration endorsement method | |
CN105577612A (en) | Identity authentication method, third party server, merchant server, and user terminal | |
CN104767624A (en) | Remote protocol authentication method based on biological features | |
CN111817846A (en) | Lightweight key negotiation communication protocol | |
CN106789057A (en) | Cryptographic key negotiation method and system under satellite communication protocols | |
CN115514474A (en) | Industrial equipment trusted access method based on cloud-edge-end cooperation | |
CN106921491B (en) | Safe and efficient outsourcing calculation implementation method and system | |
CN112788011A (en) | Gateway bidirectional authentication system and method based on state cryptographic algorithm | |
CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
CN112653554A (en) | Signature method, system, equipment and readable storage medium | |
CN103986716A (en) | Establishing method for SSL connection and communication method and device based on SSL connection | |
CN109102294B (en) | Information transmission method and device | |
CN114584975B (en) | SDN-based anti-quantum satellite network access authentication method | |
CN115955320A (en) | Video conference identity authentication method | |
CN110519219A (en) | A kind of password authentication key exchange method and system based on lattice |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |